Assignment Brief
As part of the formal assessment for the programme you are required to submit a Computer Systems Security assignment. Please refer to your Student Handbook for full details of the programme assessment scheme and general information on preparing and submitting assignments.
Learning Outcomes:
After completing the module, you should be able to:
Demonstrate a conceptual understanding of common security risks and recognise the importance of risk analysis within different IT environments.
Demonstrate a systematic understanding of the key approaches to cryptography and their application
Critically evaluate relevant literature with regard to notable security issues.
Create a risk analysis for a given scenario with reference to compliance with security policies
Critically evaluate legal, social and ethical issues of secure systems. Responsible Global Citizenship - Understand global issues and their place in a globalised economy, ethical decision-making and accountability. Adopt self-awareness, openness, and sensitivity to diversity in culture.
Guidance
Your assignment should include: a title page containing your student number, the module name, the submission deadline and the exact word count of your submitted document; the appendices if relevant; and a reference list in AU Harvard system(s). You should address all the elements of the assignment task listed below. Please note that tutors will use the assessment criteria set out below in assessing your work.
You must not include your name in your submission because Arden University operates anonymous marking, which means that markers should not be aware of the identity of the student. However, please do not forget to include your STU number.
Maximum word count: 4,000 words
Please note the following:
Students are required to indicate the exact word count on the title page of the assessment.
The word count includes everything in the main body of the assessment (including in text citations and references). The word count excludes numerical data in tables, figures, diagrams, footnotes, reference list and appendices. ALL other printed words ARE included in the word count.
Please note that exceeding the word count by over 10% will result in a 10-percentage point deduction.
Assignment Task
This assignment is worth 100% of the total marks for the module.
To make this assignment more relevant and interesting for you, you will select your own real world organization (and thus case study) and then apply the concepts and techniques you have learned from this module to that case study. The case study you select must not have been used by you, or any other student, in any other module current or historic. Please ensure you check your selected organization and the scope of the case study with your tutor before starting.
Your selected organization for this case study intends to upgrade their current IT infrastructure to meet the organizational IT needs in the 21st century. You have an option of using a technology of your choice or technologies such as Internet of Things, Cloud Computing, Content Centric Networking, or Software Defined Networks for this upgrade. You as an IT Lead have been asked to write a report for the management justifying viability of the proposed future IT infrastructure in the context of its security.
Task 1
Discuss briefly the profile of your selected organization, its existing IT infrastructure, and pertinent issues with the current infrastructure to justify the need for an infrastructure upgrade.
Identify and justify the choice of technology (or technologies) you are proposing to use to upgrade the IT Infrastructure of your selected organization. You are expected to briefly compare technologies to justify your choice.
In the context of proposed future IT infrastructure for your organization, discuss critical assets (including information assets) that will need protection, and list vulnerabilities related to each of the identified assets.
Task 2
Risk analysis lies at the heart of any successful IT project. Through arguments backed by literature, justify the importance of risk analysis phase in any IT project. Also discuss what risk analysis process in relation to IT infrastructure projects entails.
Critically evaluate a range of pertinent security risks posed to the selected organization in context of their proposed IT infrastructure upgraded through the technology of your choice. Also, briefly discuss the proposed protection against those risks.
Conduct a detailed risk analysis of your organization based on the risks evaluated in Task 2b.
Task 3
Critically evaluate key aspects of the security policy of your selected organization (or an organization of a similar profile and size) also discussing how effective the policy is in protecting against security risks evaluated in Task 2b.
Cryptography acts as a key measure in tackling a range of security threats. Discuss a cryptographic approach (or a combination of approaches) you are proposing for your organization to adopt and justify your choice by briefly comparing your approach against other available approaches. Explain in what areas of your organization’s future IT infrastructure you will use the proposed cryptographic approach.
Task 4
Provide a brief assessment of the security of your proposed IT infrastructure using layered security approach.
Critically evaluate legal, social and ethical issues in relation to the security of proposed IT infrastructure.
-------------------------------------------------------------------------------------------------------------------------------
Sample Case Study that Written by Our Expert
INDEX
Task 1…………………………………………………………………………………………………04
1.1 Profile of the selected organization and existing IT infrastructure
1.2 Justification for the choice of technology to upgrade the IT infrastructure
1.3 Discussion of critical assets and vulnerabilities in the proposed future IT infrastructure
Task 2…………………………………………………………………………………………………06
2.1 Importance of risk analysis in IT projects and the process for IT infrastructure projects
2.2 Evaluation of security risks and proposed protection measures for the upgraded IT infrastructure
2.3 Detailed risk analysis of the organization based on evaluated risks
Task 3.………………………………………………………………………………………...………08
3.1 Evaluation of the security policy and its effectiveness in protecting against identified security risks
3.2 Proposal and justification for a cryptographic approach to be adopted in the organization's IT infrastructure
Task 4…………………………………………………………………………………………………10
4.1 Assessment of the security of the proposed IT infrastructure using a layered security approach
4.2 Critical evaluation of legal, social, and ethical issues related to the security of the proposed IT infrastructure
Task 1
1.1 Profile of the selected organization and existing IT infrastructure
In this case study, we have chosen PNC Financial Services as our focus organization. Known globally for providing an array of financial services, PNC Financial Services caters to varied needs such as banking, investment management, and insurance. Itha vast customer base coupled with the management of substantial private financial information; PNC Financial Services acknowledges certain challenges with its current IT infrastructure which we aim to discuss further.
Presently, PNC Financial Services rely on legacy systems, on-premises servers and decentralized data centers for its IT infrastructure. Although this setup has its benefits, there are several difficulties. Primarily, the outdated security measures of the legacy systems expose them to cyberattacks. Secondarily, the decentralization aspect of the infrastructure introduces variations in security configurations and monitoring among different locations.
This not only heightens the threats of security breaches, but also makes it arduous to establish uniform security protocols.
Furthermore, the restricted scalability of the current infrastructure inhibits PNC Financial Services' agility in addressing rapidly evolving business needs and managing escalating data volumes. In light of these issues, it becomes paramount to implement an infrastructure overhaul to enhance the IT systems of PNC Financial Services in terms of security, scalability, and flexibility.
Here is the list of Exiting IT Infrastructure:
Online banking: Customers may use online banking to access their bank accounts and carry out different types of transactions. Checking balances, making transfers, paying bills, and controlling account settings are all made simple, flexible, and available around-the-clock. To protect the confidentiality and security of consumer data, banks invest in secure online banking systems, user authentication, encryption, and transaction monitoring.
Mobile banking: Mobile banking allows users of smartphones and tablets to access online banking features. It allows users to use mobile applications to carry out banking operations while on the go. Account access, mobile deposits, bill payment, cash transfers, and notifications are just a few of the capabilities available with mobile banking. To protect sensitive information, banks give top priority to mobile security methods such device authentication, encryption, and biometric identification.
Fraud detection and prevention: Financial institutions use highly developed fraud detection and prevention systems to safeguard consumer accounts and transactions. These systems analyse trends and identify suspect activity using cutting-edge algorithms, machine learning, and artificial intelligence. They alert the user to possible fraud incidents such phishing attempts, strange transactions, and unauthorised access. By quickly identifying and mitigating fraud risks, banks aim to protect their customers' assets and maintain trust.
Behavioral analytics: Analysing consumer behaviour patterns to learn more about their preferences, wants, and possible dangers is known as behavioural analytics. Using behavioural analytics, banks may spot suspicious account activity, spot possible fraud, customise consumer interactions, and make specific product suggestions. Financial organisations may increase customer happiness, customise services, and strengthen security by better understanding client behaviour.
Data analytics: Data analytics: The process of poring over enormous volumes of data to find patterns, trends, and insights is referred to as data analytics. To improve decision-making, risk management, and customer service, financial institutions use data analytics. Banks may enhance their products, streamline operations, and spot possible hazards or opportunities by analysing client data, transaction history, market trends, and other variables.
Cloud computing: Cloud computing: Rather than depending entirely on local infrastructure, cloud computing enables financial institutions to store, manage, and access data and applications through the internet. For scalability, flexibility, and cost savings, banks use cloud services. It enables companies to adhere to strict security and regulatory standards while swiftly deploying new services, managing peak workloads, and enhancing disaster recovery capabilities.
Cybersecurity: Cybersecurity: The financial industry must give cybersecurity top priority in order to protect customer data, financial transactions, and crucial systems. Financial institutions employ stringent security measures, such as, firewalls, encryption, intrusion detection systems, and multi-factor authentication. They frequently conduct security audits, staff training, and threat intelligence analysis to effectively identify and counter evolving cyber threats.
1.2 Justification for the choice of technology to upgrade the IT infrastructure
The suggested technology for the modernization of PNC Corporation's IT infrastructure is cloud computing. Numerous advantages provided by this technology can considerably improve the operations and security posture of the firm. PNC can take advantage of a number of benefits by moving to the cloud, including greater accessibility, scalability, and security precautions.
Increased security measures is one of the main advantages of cloud computing. A strong security architecture, including firewalls, intrusion detection systems, encryption standards, and frequent security updates, is often substantially invested in by cloud service providers. PNC can strengthen its security posture and shield critical data from intrusions by utilising the knowledge and resources of these companies.
Another significant benefit provided by cloud computing is scalability. Organizations frequently have difficulties when scalability their IT resources to meet shifting demands while using traditional on-premises infrastructure. With cloud computing, you may simply scale up or down depending on your company's demands. In order to maximise resource usage and cut costs, PNC can swiftly modify its infrastructure to accommodate increasing demands during peak periods or scale back during slower times.
Scalability is yet another significant benefit provided by cloud computing. Scaling IT resources to meet shifting demands can be difficult for firms using traditional on-premises technology. Depending on the demands of the organisation, cloud computing offers the flexibility to quickly scale up or down. PNC's infrastructure can be swiftly modified to suit increasing workloads during busy periods or scale back during slack periods, maximising resource usage and lowering costs.
Cloud computing substantially increases accessibility. Accessibility is frequently restricted to certain physical areas by traditional on-premises technology. However, PNC staff members may now safely access company assets and apps from any location with an internet connection thanks to the cloud. The organisation may operate more flexibly and effectively as a result of this, which encourages remote work, cooperation, and production.
When compared to other technologies like the Internet of Things (IoT) or Software Defined Networks (SDN), cloud computing provides an all-encompassing solution that takes care of different IT needs. While the Internet of Things has certain benefits, such as better connectivity and data collection, it also poses new security risks. IoT networks' vast number of interconnected devices raises the attack surface, necessitating strong security measures to guard against any intrusions. SDN, on the other hand, has more of an emphasis on network management than on infrastructure upgrading as a whole. SDN can improve network flexibility and efficiency, however it might not cover all facets of IT infrastructure security and modernisation.
PNC Corporation can gain from a comprehensive solution that offers cutting-edge security measures, scalability, cost-efficiency, and better accessibility by selecting cloud computing for the IT infrastructure upgrade. The corporation may centralise its IT resources, streamline processes, and concentrate on its core business operations thanks to the shift to the cloud. PNC must, though, carefully assess cloud service providers, taking into account things like their security procedures, adherence to industry standards, data privacy policies, and dependability.
Additionally, PNC needs to have sound governance and risk management procedures to guarantee the effective and secure use of cloud services. This entails establishing access controls, data encryption policies, incident response processes, and routinely checking the security status of the cloud environment.
In conclusion, upgrading the IT infrastructure of PNC Corporation will greatly benefit from the use of cloud computing. The technology offers greater accessibility, scalability, cost-effectiveness, and security features. PNC can take advantage of these benefits and streamline its operations while cutting expenses and improving its security posture by moving to the cloud. A successful move to the cloud would need a careful assessment of cloud service providers and the installation of appropriate governance and risk management processes.
1.3 Discussion of critical assets and vulnerabilities in the proposed future IT infrastructure
Customer records: PNC Financial Services continues the monetary and private information of its customers, consisting of account records, a transaction records, and credit score card statistics. Identity theft, facts breaches, and unauthorized get entry to are a few of the vulnerabilities related to customer facts.
Intellectual Property: The organization owns valuable intellectual assets, which include its own buying and selling algorithms, software program, and research papers. Theft, espionage, and unauthorized disclosure are examples of vulnerabilities related to intellectual property.
Financial Systems: For transactions, trade settlements, and danger management, PNC Financial Services relies upon on reliable and secure monetary systems. Unauthorized get right of entry to, device breaches, and facts manipulation are some of the vulnerabilities on this subject.
Communication Networks: PNC Financial Services is based closely on secure and dependable communique networks for both internal and outside verbal exchange. Insecure get admission to to conversation channels, network disruptions, and interception of personal data are examples of vulnerabilities.
The proposed future IT infrastructure will place into region safeguards like strict get admission to controls, encryption, frequent protection audits, intrusion detection structures, and employee attention training programmes to deal with those weaknesses.
Task 2
2.1 Importance of risk analysis in IT projects and the process for IT infrastructure projects
By allowing for the discovery, assessment, and mitigation of possible hazards, risk analysis is essential to the success of IT infrastructure initiatives. Organisations may manage security risks, vulnerabilities, and possible repercussions like system failures, data breaches, or unauthorised access by completing a thorough risk analysis.
Risk analysis for IT infrastructure projects often entails a number of crucial elements. First, depending on their nature and possible influence on the project, potential risks are identified and categorised. Risks associated with technology, security, compliance, or outside causes may be included in this.
The possibility and possible effect of the hazards are evaluated when they have been discovered. Each detected hazard's level of risk is determined by this evaluation. Organisations may prioritise their risk management efforts and dedicate the proper resources to address the most severe risks by assessing the likelihood of occurrence and the potential repercussions.
A critical stage of risk analysis is risk prioritisation. Organisations may determine which hazards call for urgent attention and action by taking into account the likelihood and effect of each risk. In order to ensure that mitigation efforts are focused where they are most required, this prioritisation helps concentrate resources on the most important hazards.
Organisations can design risk mitigation techniques and strategies after the hazards have been prioritised. To reduce the chance of threats materialising, this may entail putting in place security measures like firewalls, intrusion detection systems, or access controls. It is possible to undertake vulnerability evaluations to find and fix weak points in the IT infrastructure, ensuring that any required patches and upgrades are installed right away. In order to provide explicit processes and practises to manage possible security threats, incident response plans might be created.
Risk analysis, however, is a continuous process. To respond to emerging threats and changing threat environments, the security posture of the IT infrastructure must be regularly tracked and assessed. Penetration testing, security audits, and regular assessments can all be used to find new risks and weaknesses. Organisations may make sure that their risk management activities are still successful and in line with the shifting threat landscape by remaining proactive and watchful.
Finally, risk assessment is a crucial part of IT infrastructure initiatives. It lets businesses to discover and assess possible risks, rank them according to likelihood and effect, and create mitigation plans. Organisations may reduce the possibility of system failures, data breaches, and unauthorised access by doing extensive risk analysis and putting the right risk management procedures in place. Additionally, ongoing monitoring and assessment of the security posture of the IT infrastructure aid in addressing emerging threats and adjusting to shifting risk environments. Organisations may improve the overall security and resilience of their IT infrastructure and safeguard their systems, data, and stakeholders by incorporating risk assessments into IT initiatives.
2.2 Evaluation of security risks and proposed protection measures for the upgraded IT infrastructure
Pertinent protection risks posed to PNC Financial Services inside the context of the proposed IT infrastructure improve thru Cloud Computing include:
Data Breaches: The migration of touchy facts to the cloud introduces the risk of unauthorized get admission to or information leakage due to inadequate security controls or vulnerabilities in cloud service companies' infrastructure.
Insider Threats: The business enterprise must recollect the possibility of inner personnel or contractors misusing their privileges or intentionally compromising the safety of the cloud surroundings.
Service Availability: Dependence on a 3rd-birthday celebration cloud provider issuer raises concerns approximately potential carrier disruptions, which could effect the company's operations and client trust
Regulatory Compliance: The organization have to ensure that the selected cloud company adheres to relevant policies, such as statistics privacy laws and enterprise-precise compliance necessities.
To protect against these dangers, PNC Financial Services will implement a comprehensive security framework that consists of encryption for records in transit and at rest, sturdy get right of entry to controls, regular vulnerability tests, intrusion detection systems, and contractual agreements with the cloud carrier provider to address safety and compliance concerns
2.3 Detailed risk analysis of the organization based on evaluated risks
Based on the identified concerns, a thorough risk analysis of PNC Financial Services includes:
The likelihood of each risk materialising must be determined, and its possible effects on the organization's operations, reputation in the community, and financial stability must be considered in order to manage risks inside an organisation efficiently. Organisations can prioritise risks depending on severity and their level of risk tolerance by properly comprehending the risks at hand, with an emphasis on those risks that have a higher possibility of occurring and severe repercussions.
It's crucial to create and carry out risk mitigation strategies that are specific to each identified risk after hazards have been prioritised. These plans should include precise tactics and precautions that will successfully reduce the risks. There are a number of strategies that can be used, such as putting in place technical safeguards like strong cybersecurity measures, adhering to pertinent laws and rules, running staff education programmes to promote risk awareness and best practises, and developing incident response plans to deal with potential incidents quickly and effectively.
The efficacy of risk mitigation techniques must be continuously monitored and evaluated in order to spot emerging risks. Organisations may stay proactive in spotting any gaps or vulnerabilities and taking the required steps to remedy them by conducting regular assessments of the implemented risk mitigation measures. Organisations may modify their risk management strategies in response to developing risks and shifting conditions thanks to this continual review process.
Organisations may reduce the possibility and effects of risks on their operations, reputation, and financial stability by adhering to certain risk management practises. A thorough and proactive approach to risk management not only protects the organization's interests but also fosters trust among all parties involved, including clients, investors, and the general public. It displays the company's dedication to good risk management procedures and its capacity to deal with possible difficulties successfully, encouraging confidence and resiliency in the face of uncertainty.
Task 3
3.1 Evaluation of the security policy and its effectiveness in protecting against identified security risks
In order to mitigate the security threats identified in Task 2b, PNC Financial Services' security policy is essential. The principal security policy components that require critical assessment are as follows:
Examine the policy's objectives and coverage of all pertinent information security issues to see if they are in line with the organization's overall goals as well as with statutory requirements and industry best practises.
Roles and Responsibilities: Consider how well the security policy's established and articulated the roles and responsibilities are. The management of access restrictions, incident response, and security awareness training are included in this.
Examine the efficiency of the security measures and controls described in the policy, such as staff security awareness programmes, access control procedures, and encryption standards.
Policy Compliance and Enforcement Examine the systems in place for enforcing the security policy, keeping track of compliance, and dealing with instances of non-compliance. This includes routine security reviews, incident reporting processes, and reprimands for breaking rules.
Based on the review, suggestions for strengthening the security policy can be made, including revisions to or expansions of the policy statements, improvements to staff training programmes, and enhancements to monitoring and enforcement procedures.
3.2 Proposal and justification for a cryptographic approach to be adopted in the organization's IT infrastructure
Combining symmetric and asymmetric encryption techniques is the recommended cryptographic strategy for PNC Financial Services in order to guarantee the privacy, integrity, and security of data transfers and different internal communication channels.
For secure communication between PNC's internal networks and systems, symmetric encryption will be used. In symmetric encryption, the encryption and decryption operations employ the same shared key. This approach is appropriate for internal communications where the emphasis is on efficiency and performance since it delivers high-speed data encryption and decryption. It guarantees that information exchanged inside the company is kept private and secure from unauthorised access.
To protect external communication channels, such as client-server interactions and data transfers with business partners, asymmetric encryption, more especially RSA, will be used. A pair of keys is used for asymmetric encryption: a public key for encryption and a private key for decryption. While the receiver secures the private key, the public key is freely shared. As sharing a single key is not necessary with this strategy, security is increased. It makes it possible to communicate securely with other parties, guaranteeing that private information is kept private and cannot be intercepted or altered while being transmitted.
PNC tries to combine computational performance and security by integrating symmetric and asymmetric encryption. Asymmetric encryption adds an additional degree of protection for external communications whereas symmetric encryption is effective for communications within an organisation. Due to the drawbacks of other cryptographic techniques like elliptic curve cryptography and hash functions, this method was chosen instead. While useful for data integrity checks, hash functions are unable to guarantee confidentiality on their own. Although safe, elliptic curve encryption may need more processing resources and may not be supported by all computers.
The recommended cryptographic technique will be used in PNC's future IT architecture to safeguard different areas of the business' operations. Internal network data transfers, remote access to critical systems, authentication processes to assure authorised access, and digital signatures to confirm the integrity and validity of digital documents are all included in this.
PNC Financial Services hopes to protect the privacy, accuracy, and security of its communications and data transfers by using this cryptographic method. It offers a strong foundation to guard against unauthorised access, interceptions, and modification of sensitive information. This strategy is consistent with PNC's dedication to data security, legal compliance, and upholding the confidence of its partners and clients.
Task 4
4.1 Assessment of the security of the proposed IT infrastructure using a layered security approach
A layered security technique will be used to assess the security of PNC Financial Services' projected IT infrastructure. Using this approach, you may create a defense-in-depth strategy by implementing many layers of protection. The evaluation's primary focus will be on the levels below:
perimeter protection Analyse the effectiveness of firewalls, intrusion prevention systems, and secure gateway setups in preventing external attacks.
Network Protection Consider network segmentation, VLANs, and access controls to limit access and preserve secure communication
Network Security Review operating system hardening procedures, patch management techniques, and security settings to protect against vulnerabilities and unauthorised access.
Examine the security measures implemented for apps, such as secure coding guidelines, input validation, and access controls.
Data Protection Consider the encryption techniques, data classification, and access limitations to ensure the confidentiality, integrity, and accessibility of sensitive data.
Physical Protection Consider physical access limits, video monitoring, and environmental controls to prevent unauthorised physical entry and potential harm.
Each layer of security may be examined for potential vulnerabilities, and the appropriate steps can then be made to enhance the overall security posture of PNC Financial Services' IT infrastructure.
4.2 Critical evaluation of legal, social, and ethical issues related to the security of the proposed IT infrastructure
For PNC Financial Services, data security is a top priority, and adherence to data privacy laws is crucial. To safeguard individual privacy rights and guarantee the correct treatment of personal data, compliance with laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) must be evaluated. PNC must implement strong security measures, including as encryption, access restrictions, and data categorization standards, to protect sensitive information. Regular audits and assessments may support the development of stakeholder and consumer confidence by assisting in the identification of risks and ensuring compliance with privacy laws.
Another crucial component of PNC's IT infrastructure is intellectual property protection. PNC needs to assess the security precautions used to protect intellectual property rights and stop unauthorised access to, use of, or theft of personal information. In order to identify and address possible risks to intellectual property, this involves putting access limits, encryption, and monitoring systems in place. PNC can defend its competitive advantage and avoid the unauthorised exposure or abuse of sensitive information by protecting proprietary information.
Technology ethics are a crucial factor for PNC Financial Services. The IT infrastructure must support and uphold each person's rights and moral standards. PNC has to think carefully on the moral ramifications of data gathering, monitoring methods, and the use of new technology. This involves making sure that data usage is transparent, getting people's consent after informing them, and preserving data privacy and security throughout the whole data lifespan. By giving ethical issues first priority, PNC may win over consumers' trust and show that it is committed to ethical data handling.
Financial organisations, like PNC, are very concerned about cybersecurity. To guard against cyber threats and hold responsible for security breaches, it is necessary to assess compliance with major cybersecurity policies and regulations. To implement efficient security controls and incident response protocols, PNC must remain current on standards and laws that are relevant to the sector, such the Cybersecurity Framework. Regular vulnerability analyses, penetration tests, and staff training may reduce risks and improve the organization's overall cybersecurity posture.
PNC Financial Services can handle legal obligations, societal expectations, and ethical concerns by critically analysing these problems and building a safe and ethical IT infrastructure. Customer trust is increased through data security compliance, which guarantees the protection of personal information and privacy rights. Protecting intellectual property keeps PNC's competitive advantage and preserves confidential information. Technology used ethically shows respect for individual rights and prudent data handling techniques. Last but not least, putting cybersecurity first safeguards against developing online threats and keeps PNC's IT infrastructure stable and reliable.
REFERENCES
Journal Articles:
Lodha, H. (2022). An Overview of Cyber Crimes in Banking Sector, 25, 102-118.
Olivér, G., & Gábor, K. (2023). Impact of cyber-attacks on the financial institutions, 219 (2023) 84–90.
Tim Maurer and Arthur Nelson (2021), The global cyber threat.
Benoît Dupont (2019), The cyber-resilience of financial institutions: significance and applicability, Journal of Cybersecurity, Volume 5, Issue 1, 2019, tyz013.
Xiang Michelle Liu (2021), A Risk-based Approach to Cybersecurity: A Case Study of
Financial Messaging Networks Data Breaches, ISSN: 2163-9280 V18 N1 A2.
Books:
Whitman, E. (2002). Principles of Information Security. Sydney, AU: Course Technology Inc..